Merge pull request #389 from FraunhoferISST/chore/qgate-review-incorp

Chore: incorporate Q-Gate Review

.github/workflows/build-image-backend.yml

@@ -51,6 +51,23 @@ jobs:
             -   name: Checkout
                 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
+            # Copy legal information from root dir to backend dir for publishing
+
+            -   name: Copy and paste legal information
+                run: |
+                    cp ./DEPENDENCIES_BACKEND ./backend/DEPENDENCIES
+                    cp ./LICENSE ./backend/LICENSE
+                    cp ./NOTICE.md ./backend/NOTICE.md
+                    cp ./SECURITY.md ./backend/SECURITY.md
+
+            # Needed to create multi-platfrom image
+            -   name: Set up Docker Buildx
+                uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+            # Needed to create multi-platfrom image
+            -   name: Set up QEMU
+                uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+
             # Create SemVer or ref tags dependent of trigger event
             -   name: Docker meta
                 id: meta
@@ -79,6 +96,7 @@ jobs:
                 with:
                     context: ./backend
                     file: ./backend/Dockerfile
+                    platforms: linux/amd64, linux/arm64
                     push: ${{ github.event_name != 'pull_request' }}
                     tags: ${{ steps.meta.outputs.tags }}
                     labels: ${{ steps.meta.outputs.labels }}

.github/workflows/build-image-frontend.yml

@@ -51,6 +51,41 @@ jobs:
             -   name: Checkout
                 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
+            -   name: Setup Node
+                uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+                with:
+                    node-version: 20
+                    registry-url: https://registry.npmjs.org/
+
+            -   name: Get npm version
+                id: npm-tag
+                uses: martinbeentjes/npm-get-version-action@3cf273023a0dda27efcd3164bdfb51908dd46a5b # v1.3.1
+
+            -   name: Install Dependencies
+                working-directory: ./frontend
+                run: npm install
+
+            # Replace "about license" information
+            -   name: Update legal notice
+                working-directory: ./frontend
+                run: bash ./scripts/legal-notice.sh
+
+            -   name: Build for Docker
+                working-directory: ./frontend
+                run: npm run dockerbuild
+
+            # Copy legal information from root dir to frontend dir for publishing
+            -   name: Copy and paste legal information
+                run: |
+                    cp ./DEPENDENCIES_FRONTEND ./frontend/DEPENDENCIES
+                    cp ./LICENSE ./frontend/LICENSE
+                    cp ./NOTICE.md ./frontend/NOTICE.md
+                    cp ./SECURITY.md ./frontend/SECURITY.md
+
+            # Needed to create multi-platfrom image
+            -   name: Set up Docker Buildx
+                uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
             # Create SemVer or ref tags dependent of trigger event
             -   name: Docker meta
                 id: meta
@@ -78,7 +113,8 @@ jobs:
                 uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
                 with:
                     context: ./frontend
-                    file: ./frontend/Dockerfile
+                    file: ./frontend/Dockerfile.prebuilt
+                    platforms: linux/amd64, linux/arm64
                     push: ${{ github.event_name != 'pull_request' }}
                     tags: ${{ steps.meta.outputs.tags }}
                     labels: ${{ steps.meta.outputs.labels }}

.github/workflows/helm-test.yml

@@ -112,21 +112,17 @@ jobs:
                     ct install --charts charts/puris --helm-extra-set-args "--set backend.image.repository=${{ env.REGISTRY }}/${{ env.APP_BACKEND_NAME}} --set backend.image.tag=${{ env.TAG }} --set frontend.image.repository=${{ env.REGISTRY }}/${{ env.APP_FRONTEND_NAME }} --set frontend.image.tag=${{ env.TAG }}"
                 if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
-            -   name: Generate random password (This password is only a placeholder for the next step and will not used).
-                id: generate-password
-                run: |
-                    echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV
-
             # Upgrade the released chart version with the locally available chart
             # default value for event_name != workflow_dispatch
             # Setting passwords during upgrade:
-            # - The postgresPassword/password will be set via postgres-init.yaml.
-            # - The dtr.idp.clients.edc.puris.secret is new and needs to be set during upgrade as not set in previous version
+            # - set existing secret to value currently defaulted
+            # - insert password to postgres directly due to empty default for reuse during upgrade
+            # https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases
             -   name: Run helm upgrade
                 run: |
                     helm repo add bitnami https://charts.bitnami.com/bitnami
                     helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
-                    helm install puris tractusx-dev/puris --version ${{ github.event.inputs.upgrade_from || '1.0.0' }}
+                    helm install puris tractusx-dev/puris --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} --set postgresql.auth.existingSecret="secret-puris-postgres-init"
                     helm dependency update charts/puris
-                    helm upgrade puris charts/puris --set backend.puris.datasource.password=$PASSWORD --set backend.puris.dtr.idp.clients.puris.secret=$PASSWORD
+                    helm upgrade puris charts/puris
                 if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'

CHANGELOG.md

@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [v2.0.0](https://github.com/eclipse-tractusx/puris/releases/tag/v2.0.0)
+## [v2.0.0](https://github.com/eclipse-tractusx/puris/releases/tag/2.0.0)
 
 The following Changelog lists the changes. Please refer to the [documentation](docs/README.md) for configuration needs
 and understanding the concept changes.
@@ -83,6 +83,11 @@ The **need for configuration updates** is **marked bold**.
 
 ### Known Knowns
 
+#### Security
+
+The Backend is currently secured via API Key while the Frontend already uses an API-KEY. See
+[Admin Guide](./docs/admin/Admin_Guide.md) for further information.
+
 #### Upgradeability
 
 As currently no active user was known migrations of data are not yet supported. The chart technically is upgradeable.
@@ -102,7 +107,7 @@ For productive use the following enhancements are encouraged
 
 To be checked
 
-## [v1.0.0](https://github.com/eclipse-tractusx/puris/releases/tag/v1.0.0)
+## [v1.0.0](https://github.com/eclipse-tractusx/puris/releases/tag/1.0.0)
 
 ### Added
 

CONTRIBUTING.md

@@ -8,7 +8,7 @@ The companies involved want to increase the automotive industry's
 competitiveness, improve efficiency through industry-specific cooperation and
 accelerate company processes through standardization and access to information
 and data. A special focus is also on SMEs, whose active participation is of
-central importance for the network’s success. That is why Catena-X has been
+central importance for the network's success. That is why Catena-X has been
 conceived from the outset as an open network with solutions ready for SMEs,
 where these companies will be able to participate quickly and with little IT
 infrastructure investment. Tractus-X is meant to be the PoC project of the
@@ -56,3 +56,31 @@ https://www.eclipse.org/projects/handbook/#resources-commit
 Contact the project developers via the project's "dev" list.
 
 * https://accounts.eclipse.org/mailing-list/tractusx-dev
+
+## Hand's On PURIS!
+
+To directly participate in the development of PURIS feel free to create an issue for Bugs or Features (User Story) in
+repository.
+
+You can also take over existing issues or just fix things directly in a pull request. To do so:
+
+1. Create a fork (in tab `Code` of this repository on the right side, same row as repository name > click fork)
+2. Clone your fork (copy commands for clone via green `Code` dropdown)
+3. Checkout a new branch
+4. Do the work.
+    - [Follow conventional commits](https://www.conventionalcommits.org/en/v1.0.0/)
+    - Checkout [development documentation](./docs/DEVELOPMENT.md) for frequent questions
+    - Checkout [Tractus-X Release Guidelines](https://eclipse-tractusx.github.io/docs/release) e.g., for open source
+      questions
+    - Run the tests and [local deployment](./local/INSTALL.md) (and refresh information in the view) to ensure you broke
+      nothing
+5. Push your work and create a PR, best with linking to the issue via `#` and a meaningful description.
+    - Check that dependencies are up to date (if not done)
+    - Check and resolve pipeline results
+    - Request the review (if you're contributor)
+6. Iterate over the code changes with the Committers!
+
+> **Get in touch!**
+>
+> Checkout the [open meetings](https://eclipse-tractusx.github.io/community/open-meetings) to get in touch and find
+> mentors and ask contributors on how things are done.

INSTALL.md

@@ -1,71 +1,40 @@
-## Project Installation
-### Running for development using mvn/npm or using docker
-See the `INSTALL.md` files in the [backend](./backend/INSTALL.md) and [frontend](./frontend/INSTALL.md) folder.
-### Running local integration testing user docker compose
-See `Install.md` file in folder [local](./local/docker-compose.yaml) for integration testing environment with two deployed applications and EDCs.
-### Running using helm (deployment)
-1. Configure the application:
-    1. Open the `values.yaml` file in [charts/puris](./charts/puris/values.yaml).
-    2. Edit the following properties to your requirements:
-        - **Ingress**(if you want to enable ingress) for frontend/backend, under *frontend.ingress.* and *backend.ingress.*
-        - **EDC**, under *backend.puris.edc*
-        - **Own data**, under *backend.puris.own*
-        - **Current role for demonstrator**, under *backend.puris.demonstrator.role*
-        - **Postgresql settings**, under `backend.puris.datasource` (only necessary, if `postgres.enabled` is false - else autoconfigured).
-        - **Keycloak** is disabled by default but can be configured under `frontend.puris.keycloak`.
-    > **NOTE**   
-    Further information on the individual properties can be found in the following [README.md](./charts/puris/README.md).
-2. Install dependencies
-```shell
-helm repo add bitnami https://charts.bitnami.com/bitnami
-helm dependency update
-```
+# Project Installation
 
-**Attention**: When using `postgres.enabled` = false and bringing your own database, ensure to set 
-`backend.puris.jpa.hibernate.ddl-auto` = `validate` to prevent **DATA LOSS**.
+Please refer to the following instructions and tips to run the puris application. Per TRG we recommend the installation
+via helm.
+
+## Running using Helm (deployment)
+
+First configure the application to your needs. you can use the [default values.yaml](./charts/puris/values.yaml) as a
+basis. Please find below the most relevant configurations:
 
-#### Run without Ingress 
+- **Ingress** (if you want to enable ingress) for frontend/backend, under `frontend.ingress.` and `backend.ingress.`
+- **EDC**, under `backend.puris.edc`
+- **DTR** incl. keycloak under `backend.puris.dtr`
+- **Own master data**, under `backend.puris.own`
+- **Role demonstration setup**, under `backend.puris.demonstrator.role`
+- **Postgresql settings**, under `backend.puris.datasource` (only necessary, if `postgres.enabled` is false -
+  else autoconfigured).
+- **Frontend Keycloak** is disabled by default but can be configured under `frontend.puris.keycloak`.
 
-3. Run the application:
-```shell
-helm install puris charts/puris \
-    --namespace puris \
-    --create-namespace 
-```
-4. Forward ports for services:
-```shell
-kubectl -n puris port-forward svc/frontend 8080:8080
-kubectl -n puris port-forward svc/backend 8081:8081
-```
-5. Done! The applications should be available at `http://localhost:<forwarded-port>`.
+> **NOTE**
+>
+> Further information on the individual properties and the installation commands can be found in the following
+> [README.md](./charts/puris/README.md).
 
-#### Run with Ingress
+**Attention**: When using `postgres.enabled` = false and bringing your own database, ensure to set
+`backend.puris.jpa.hibernate.ddl-auto` = `validate` to prevent **DATA LOSS**.
+
+## Running for development using mvn/npm or using docker
+
+See the `INSTALL.md` files in the [backend](./backend/INSTALL.md) and [frontend](./frontend/INSTALL.md) folder.
 
-Precondition: please refer to your runtime environment's official documentation on how to enable ingress.
-- [minikube](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/)
-- [kind](https://kind.sigs.k8s.io/docs/user/ingress/)
+## Running local integration testing user docker compose
 
-3. Run the application:
-```shell
-helm install puris charts/puris \
-    --namespace puris \
-    --create-namespace \
-    --set frontend.ingress.enabled=true \
-    --set backend.ingress.enabled=true
-```
-4. Edit /etc/hosts:
-```shell
-# If you are using minikube use minikube ip to get you clusterIp, for kind this is localhost (127.0.0.1)
-sudo vim /etc/hosts
->> add entry for frontend "<cluster ip> <frontend-url.top-level-domain>"
->> add entry for backend "<cluster ip> <backend-url.top-level-domain>"
->> :wq! (save changes)
-```
-5. Done! The applications should be available at:
-    - (frontend) `http://your-frontend-host-address.com`
-    - (backend) `http://your-backend-host-address.com`
+See `Install.md` file in folder [local](./local/docker-compose.yaml) for integration testing environment with two
+deployed applications and EDCs.
 
-## NOTICE
+# NOTICE
 
 This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
 

README.md

@@ -1,6 +1,6 @@
 <div align="center">
   <h2 align="center">PURIS</h2>
-  The Catena-X Predictive Unit Real-Time Information Service (PURIS) for Short Term Demand and Capacity Management
+  The Predictive Unit Real-Time Information Service (PURIS) for Short Term Demand and Capacity Management
 </div>
 
 ## Overview